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RE MARKS 

The Examiner has rejected Claims 1, 2, 9, 34, 37-40, and 42-46 under 35 U.S.C. 
101 as being directed to non-statutory subject matter. Applicant respectfully disagrees 
with such rejection, but asserts that such rejection is avoided in view of the amendment 
made to independent Claim 1 hereinabove. 

The Examiner has rejected Claims 1, 2, 9, 21, 27-30, 37-39, and 42-45 under 35 
U.S.C. 1 03(a) as being unpatentable over Khaishgi et al. (U.S. Patent No. 6,658,394), in 
view of Guirguis ("Network- and Host-Based Vulnerability Assessments: An 
Introduction to a Cost Effective and Easy to Use Strategy"), in view of Tiso ("Automated 
Security Scanning"), in view of Bunker, V et al. (U.S. Patent Publication No. 
2003/0028803), and further in view of Blyth ("An XML-based architecture to perform 
data integration and data unification in vulnerability assessments"). Applicant 
respectfully disagrees with such rejection, especially in view of the amendments made 
hereinabove to the independent claims. 

With respect to the independent claims, the Examiner has relied on Page 16, first 
paragraph, as well as Figures 1 and 6 (reproduced below) from the Blyth reference to 
make a prior art showing of applicant's claimed technique "wherein the scanning engine 
parses the set of XML files and stores records of the parsed set of XML Hies in the 
database in association with a device record that is further in association with an account 
number of a provider of the online service" (as amended - see this or simi lar, but not 
necessarily identical language in the independent claims). 
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Further, in the Office Action dated 02/19/2010, the Examiner has argued that 
"Fig, 6 [of Blyth] clearly discloses [that] the resul t of the scan includes the URL and an 
IP address of a provider of the online service both of which can he interpreted as an 
account number," that "[bjoth the URL and an IP address are registered in DNS and are 
used to identify the online service provider," and that "therefore both the URL and IP 
address can be interpreted as an account number of a provider of the online service." 
Furthermore, the Examiner has argued that "Fig. 2... discloses Target field in the XML 
and see, Fig. 5, Which discloses database containing a target field, all the vulnerabilities 
are stored in associati on with the target address which in an IP address and U RL of the 
online sendee for which the scanning is performed." 

Applicant respectfully disagrees and asserts that the above excerpt relied on by 
the Examiner merely discloses that "[t]he output from the port scanning tool, or the 
vulnerability scanning tool, is used to create the XML document that is then passed to the 
parser, which uses it to create a DOM tree," and that "[t.]he parser parses the XML 
documents with reference to their document type definitions (DTD) to check that the 
XML documents are valid and well formed" (Page 16, first paragraph). In addition, the 
figures relied on by the Examiner merely disclose a parser, and additionally disclose "an 
example of the psxml and xmldb tools running in verbose mode,''' where "psxml is a 
simple port scanning tool" and where an "XML document is. . . passed to the back-end 
XML database system called xmldb" (Page 19, second paragraph). 
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Further, applicant notes that Figure 6 discloses "[p]ort scanning and database 
tools output," where, as mentioned above, the output is used to create an XML document 
that is passed to a parser. Additionally, Figure 4 merely illustrates a "system" database 
table that includes a "sysm id" field, an "ip" field, a "target" field, and a "type" field. In 
addition, Figure 5 merely illustrates a "vuln" database table that includes a "vul_id" field, 
a "timestamp" field, a "timezone" field, a "target" field that references the system table, a 
"scantool" field, a "scanvsn" field, and a "state" field. 

However, disclosing an output of a port scanning tool and a database tool that is 
used to create an XML document , where the output includes a URL and IP address, in 
addition to disclosing that the XML document is passed to a back-end XML database 
system called xmldb, where the database system includes a system table, which includes 
an IP address field and a target field, and a vuln table, which includes a target field that, 
references the system table, as in Blyth, simply fails to support the Examiner's assertion 
that "both the URL and IP address can be interpreted as an account number of a provider 
of the online service," and further fails to suggest applicant's claimed technique "wherein 
the scanning engine parses the set of XML files and stores records of the parsed set of 
XML files in the database inj^ojnatiou. with a device record that is further in association 
with an account number of a provider ofthe online service " (emphasis added), as claimed 
by applicant. 

Clearly, disclosing that the target field of the vuln table references the target field 

ol the system table, which jIm« include-, ju in >=ddt jjj;„kh a- in HMh, ■>i--\:\r-\ fad to 

even suggest any sort of "an account number of a provider o i \ m h \kc , ' min h 
< ■> ^ n i v u ■> { se i i >e i >. >M \h" h > u n d m e in a s i on > th a 
device record that is further in association with an ac count number of a provider of the 
online service" (emphasis added), as specifically claimed by applicant. 

To establish a prima facie case of obviousness, three basic criteria must be met. 
First, there must be some suggestion or motivation, either in the references themselves or 
in the knowledge generally available to one of ordinary skill in the art, to modify the 
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reference or to combine reference teachings. Second, there must be a reasonable 
expectation of success. Finally, the prior art reference (or references when combined} 
must teach or suggest all the claim limitations. The teaching or suggestion to make the 
claimed combination and the reasonable expectation of success must both be found in the 
prior art and not based on applicant's disclosure. In re Vaeck,947 ¥.26. 488, 20 USPQ2d 
1438 (Fed.Cir.1991). 

Applicant respectfully asserts that at least the third element of the prima facie 
case of ob viousness has not been met, since the prior art excerpts, as relied upon by the 
Examiner, fail to teach or suggest all of the claim limitations, as noted above. Thus, a 
notice of allowance or a proper prior art showing of all of applicant's claim limitations, in 
combination with the remaining claim elements, is respectfully requested. 

Applicant further notes that the prior art is also deficient with respect to the 
dependent claims. For example, with respect to Claim 42, the Examiner has relied on 
Paragraphs [0052] and [0054] from the Bunker reference to make a prior art showing of 
applicant's claimed technique "wherein the schedule is requested by the customer." 
Further, in the Office Action dated 02/1 9/2010, the Examiner has argued that "the tests 
for vulnerability are scheduled according to the customer profile and the customer profile 
is provided by the customer therefore, the schedule is requested by the customer." 

Applicant respectfully disagrees and asserts that the excerpts from Bunker relied 
upon by the Examiner merely teach that "[t] he job scheduling module 202... uses the 
custt i mgr p rofi le 204 information to tell the Command Engine 116 what services the 
t islo s\ -ho U •. .. o h; I die ( o nm in i c 1 ' < undue! the i n >p kite 
range of tests 516" (Paragraph [0052] - emphasis added). Further, the excerpts teach that 

[ejve v ^io ik i . u-in 4Ji i it m t i u wi> 'i 

the customer will b e provided, the range of IP addresses the customers network 1002 
spans, who ess etc ' and that 

" Customer ..Profile information includes that information discussed in this specification 
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which would typically be provided by the Customer ., such as IP addresses , services to be 
dj < e (Paragj iph [0054] - emphasis added), 

However, merely using the customer pi oft \.» t i i tiun to toil the Command 
Engine what sen if, , ! , ' mer should receive , where the customer profile 
information is provided by the customer and includes a description of the services the 
cush>:iv; •••• d! H.. yi\r. !h,- ;-f M ; M-hVs- • the casl^iiK t 's network spans, who 

should receive the monthly reports , and a company mailing address , as in Bunker, fails to 
suggest applicant's claimed technique "wherein the schedule is requested by the 
customer " (emphasis added), as claimed by applicant. Clearly, a customer providing 
customer profile information such as IP addresses and services to be provided, as in 
Bunker, simply fails to even suggest that "the schedule is requested by the customer ' 
(emphasis added), as specifically claimed by applicant. 

Again, since at least the third element of the - prima t facie case of obviousness has 
not been met, a notice of allowance or specific prior art showing of each of the foregoing 
claim elements, in combination with the remaining claimed features, is respectfully 
requested. 

Still yet. applicant brings to the Examiner's attention the subject matter of new 
Claims 47-48 below, which are added tor full consideration: 

"wherein the account number of the provider of the online service is 
associated with the provider's account records" (see Claim 47); and 

"wherein the overall numeric rating has a normalized numerical scale of 0 
to 10 and is based on individual security metrics including a frequency of scan, a 
promptness of repair, a frequency of vulnerabilities, how recently scanned, a 
percentage of servers tested, and a current status" (see Claim 48). 
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Again, a notice of allowance or a proper prior art showing of ajl of applicant's 
claim limitations, in combination with the remaining claim elements, is respectfully 
requested. 

To this end, all of the independent claims are deemed allowable. Moreo ver, the 
remaining dependent claims are further deemed allowable, in vie w of their dependence 
on such independent claims, 

In the e vent a telephone conversation would expedite the prosecution of this 
application, the Examiner may reach the undersigned at (408) 505-5 100. The 
Commissioner is authorized to charge any additional fees or credit any overpayment to 
Deposit Account No. 50-1351 (Order No. NAI1P647). 

Respectfully submitted, 
Zilka-Kotab, PC 

/KEVINZfLKA/ 

Kevin J. Zilka 
Registration No. 41,429 
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